Aeroflot Cancels Flights Amid Cyberattack Disruption

Summary

– Aeroflot, Russia’s flag carrier, experienced a cyberattack causing over 60 flight cancellations and severe delays, though Russian officials did not attribute the attack to specific groups.
– Ukrainian and Belarusian hacktivist groups ‘Silent Crow’ and ‘Cyberpartisans BY’ claimed responsibility, citing prior attacks on Belarusian Railway for supporting Russian military logistics.
– The hackers claimed to have infiltrated Aeroflot’s IT infrastructure for a year, mapping and destroying systems, including hypervisors, virtualization installations, and server management interfaces.
– They allegedly exfiltrated sensitive data, including flight history, executive workstation files, and wiretapping recordings, and wiped 7,000 servers hosting terabytes of databases and emails.
– This follows a 2023 attack by Ukrainian hackers on Russia’s Federal Air Transport Agency, which exposed operational decay due to sanctions and spare parts shortages.

Russia’s national airline Aeroflot faces major operational disruptions following a sophisticated cyberattack that forced the cancellation of dozens of flights and caused widespread delays. The incident has drawn attention to the growing vulnerability of critical transportation infrastructure to digital threats.

While Russian authorities have not officially identified the perpetrators, Ukrainian and Belarusian hacker groups “Silent Crow” and “Cyberpartisans BY” have publicly claimed responsibility. These groups previously targeted Belarusian Railway in retaliation for its role in transporting Russian military equipment during the ongoing conflict.

According to posts on social media platforms, the hackers allege they spent more than a year infiltrating Aeroflot’s network, mapping its infrastructure before executing a destructive attack. They claim to have compromised 122 hypervisors, 43 ZVIRT virtualization systems, around 100 iLO management interfaces, and four Proxmox clusters, critical components of the airline’s IT operations.

The attackers further assert they extracted vast amounts of sensitive data, including flight records, executive workstation files, recorded phone conversations, and employee monitoring logs. On the day of the attack, they reportedly wiped 7,000 physical and virtual servers, erasing 12TB of databases, 8TB of shared files, and 2TB of corporate emails. The groups have threatened to release the stolen information, potentially exposing personal details of millions of passengers.

Aeroflot has not verified these claims, but the airline’s ongoing technical difficulties strongly suggest a cyber incident. As Russia’s largest carrier, operating 171 aircraft across 104 destinations, the disruption affects millions of travelers. The Russian government owns a 74% stake in the company, which handled over 55 million passengers last year, 42% of the domestic market.

Flight cancellations persist, with some services reportedly operating without digital support. This attack follows a November 2023 breach of Russia’s Federal Air Transport Agency (Rosaviatsia) by Ukrainian hackers, who leaked documents revealing severe operational challenges due to sanctions. The repeated targeting of aviation systems underscores the escalating cyber warfare between the two nations.

The incident highlights the increasing risks to global aviation infrastructure as geopolitical tensions spill into cyberspace. With airlines relying heavily on interconnected systems, such attacks could have far-reaching consequences beyond immediate flight disruptions.

(Source: Bleeping Computer)
